upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
51.91.30.159 290 B URL upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0523fc71abc70fea02fc5531744ecdcd
9cfe3692ec80cd5515673ee5f11e353326b402c8
57f17f3af317e9675c10ef252ba78eb7d38f03d5292a5bd320f153fed2282992
GET /download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe HTTP/1.1
Host: upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 20 Sep 2023 23:00:56 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 290
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
51.91.30.159 0 B URL www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
IP 51.91.30.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 20 Sep 2023 23:00:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
51.91.30.159 395 B URL www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (395), with no line terminators
Hash 70db664bcd7e75674cd2c7e8783b371a
bd5b0017e1b69a4a81831153337a74acb0c4a70b
8a8e29f65474b1446dbb0c04eece4b4eb493213ba41e76a0d2603dbb9dcc6c9b
GET /download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 20 Sep 2023 23:00:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 395
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
51.91.30.159 395 B URL www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (395), with no line terminators
Hash 70db664bcd7e75674cd2c7e8783b371a
bd5b0017e1b69a4a81831153337a74acb0c4a70b
8a8e29f65474b1446dbb0c04eece4b4eb493213ba41e76a0d2603dbb9dcc6c9b
GET /download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 20 Sep 2023 23:00:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 395
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
51.91.30.159 9.0 kB URL www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 7dfced0616a13ae5f8d7ff6d01c544df
733d1b64bd53a5fac7f8d7561cf9e4999b606f31
c409978c106758488c2a91f062d52f1e782be833d20c477cf215c8ee6a61ab62
GET /files/15555804/GrowRoulette_v3.15.exe.html HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15555804/9371d52e39701d75b645/growroulette_v3.15.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Sep 2023 23:00:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8959
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 21 Sep 2023 02:00:57 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Wed, 18-Oct-2023 23:00:57 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159 2.9 kB URL www.upload.ee/static/ubr__style.css
IP 51.91.30.159:0
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Sep 2023 23:00:57 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Wed, 27 Sep 2023 23:00:57 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.89 118 kB URL du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.89:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117747 bytes)
Hash 057e95ff228410cc439279456f5a5bfc
d69fecc03ccd7b478ebc35ecd1ee0d24fabc5cc8
b456beb923c1e169993cbf24eae4fbbbfb0fab5a90a7141ccdd821eb7357cdc9
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117747
date: Wed, 20 Sep 2023 22:20:30 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: auELF2pI8l_zVv8NnRAcBp16jRy6vAov0SCYgWh9sh1qp8fqTNF93w==
age: 2427
X-Firefox-Spdy: h2
www.upload.ee/js/js__file_upload.js
51.91.30.159 27 kB URL www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:0
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Sep 2023 23:00:57 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Wed, 27 Sep 2023 23:00:57 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159 1.9 kB URL www.upload.ee/images/dl_.png
IP 51.91.30.159:0
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Sep 2023 23:00:57 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Wed, 27 Sep 2023 23:00:57 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 59 B URL www.upload.ee/images/arrow.gif
IP 51.91.30.159:0
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Sep 2023 23:00:57 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Wed, 27 Sep 2023 23:00:57 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash c26db5b7e67796d07f5743c47aac1d8d
15ae6c46df2af330a26d64166a9df72d038b16cb
f0f73451176c560f54ad1174073e4dbaa6697a11c6a5fdf3ccfe67ab4b93011d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 23:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168 200 OK 52 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity: Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (2213)
Hash 29e721e90bf9d683e52184f516915968
a0ff86ce8f2d06ae57a02e0d913299e4a2ae310e
94618dcf81b272e978c7a10982b0e929265477f0e204ee8388ce2765fafc1fc9
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 20 Sep 2023 23:00:57 GMT
expires: Wed, 20 Sep 2023 23:00:57 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51490
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash c26db5b7e67796d07f5743c47aac1d8d
15ae6c46df2af330a26d64166a9df72d038b16cb
f0f73451176c560f54ad1174073e4dbaa6697a11c6a5fdf3ccfe67ab4b93011d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 23:00:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
asrntiljustetyerec.info/M0d0b3IceBccT1ctMhknAw0wLkNfLBcEN3QfGRtAYgYiDShrKFIbG1d6TVZFAHFNSQJaI0leVEAzFRsHQHpFSRtdIRtSVEV6RUFBB2lHW1wDYQFSQxUzBA4VDnZSHwZHK0leRApyRlpCC3JMXUsB
188.114.96.1 0 B URL asrntiljustetyerec.info/M0d0b3IceBccT1ctMhknAw0wLkNfLBcEN3QfGRtAYgYiDShrKFIbG1d6TVZFAHFNSQJaI0leVEAzFRsHQHpFSRtdIRtSVEV6RUFBB2lHW1wDYQFSQxUzBA4VDnZSHwZHK0leRApyRlpCC3JMXUsB
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /M0d0b3IceBccT1ctMhknAw0wLkNfLBcEN3QfGRtAYgYiDShrKFIbG1d6TVZFAHFNSQJaI0leVEAzFRsHQHpFSRtdIRtSVEV6RUFBB2lHW1wDYQFSQxUzBA4VDnZSHwZHK0leRApyRlpCC3JMXUsB HTTP/1.1
Host: asrntiljustetyerec.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 20 Sep 2023 23:00:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMBNRFA7r2NZrHywHGabynOXR47CTiYcjbnP%2FAHWD%2BE4ZVE3Nzig2rKpg4bI5Y4bvRNGEJFIgKUL77T%2FrnInS9q8cKWFB3eoFjrfEltaewNVHM77m3nF3zBUChfo7c9i4zChXm98ujhTcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809db0074c8db521-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
asrntiljustetyerec.info/TDNQTHljDDM/RBVdHiAofWEIHhUKSQl9KwpmCBYSGVgWHh0NFSQlHXEKaXtNfAt2PBAoDmF0Xz9HMTgMPw5hahAiVT9xXzoOYWJJYgF+eF85DmFqDTxSN3FIakMkOBVxAmZ1TH4GYHRMdABjeQ
188.114.96.1 204 No Content 0 B URL GET HTTP/2 asrntiljustetyerec.info/TDNQTHljDDM/RBVdHiAofWEIHhUKSQl9KwpmCBYSGVgWHh0NFSQlHXEKaXtNfAt2PBAoDmF0Xz9HMTgMPw5hahAiVT9xXzoOYWJJYgF+eF85DmFqDTxSN3FIakMkOBVxAmZ1TH4GYHRMdABjeQ
IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Google Trust Services LLC
Subject: asrntiljustetyerec.info
Fingerprint: 7B:C5:F6:34:71:04:E4:36:D0:B1:46:50:69:1E:05:7F:D2:9F:62:27
Validity: Mon, 04 Sep 2023 06:55:46 GMT - Sun, 03 Dec 2023 06:55:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TDNQTHljDDM/RBVdHiAofWEIHhUKSQl9KwpmCBYSGVgWHh0NFSQlHXEKaXtNfAt2PBAoDmF0Xz9HMTgMPw5hahAiVT9xXzoOYWJJYgF+eF85DmFqDTxSN3FIakMkOBVxAmZ1TH4GYHRMdABjeQ HTTP/1.1
Host: asrntiljustetyerec.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 20 Sep 2023 23:00:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXqDPspLZpUPHzrqmtZE59qtP5jnBDBZ%2FyRnkMwME5sA36nk6b2EXMKXAPSc2b4MI9DVJl6qEwX21SBALs3TFrvWIfBWWMIdTI6puJQX3XpKIqk5Eb9fmvIVuKflUIwU8fzc3uMHLwdJnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809db0077ca7b521-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nanrumandbac.com/ODd2NHBZVRVZT1kKFBIFSltLEUJ+EkRyFE0HBkEUCEQSWB1CUVhXHFdCElICV1kCGh5dQ1MGNnlVIFg8bnAjez5RYg9jGFNAOgYcW2ExAURhWw54PUJQQXcICVw5XBNxcQ52SXBeBmEgQAIYZQhTXToGHG5kDGEBd1A8ZRZBA0B2HHpYFGAlenNEZlUKcRVcNVx5H3YAflAFAzxSej5wGksAPAQ9YXg+bUV7XxVDOkJQM2c3S3kvYQRcUT5YG2xlIFsVVnEheENAAix1G315DAADaXFPRD0KTyJ5HQESRHITbm4AUjhUXDBMBABSNGIlYGA0WCp9Tz9VQxVEDHUxDE48fDZgfERAR2JhIFARcEMaZTYBRzpgQGB0MgwbdHI0UjgLRxpiNXZHFGc2YW83EhpLWBhETUl0G045Dn05DRZtBA
65.9.55.88 200 OK 1.2 kB URL GET HTTP/2 nanrumandbac.com/ODd2NHBZVRVZT1kKFBIFSltLEUJ+EkRyFE0HBkEUCEQSWB1CUVhXHFdCElICV1kCGh5dQ1MGNnlVIFg8bnAjez5RYg9jGFNAOgYcW2ExAURhWw54PUJQQXcICVw5XBNxcQ52SXBeBmEgQAIYZQhTXToGHG5kDGEBd1A8ZRZBA0B2HHpYFGAlenNEZlUKcRVcNVx5H3YAflAFAzxSej5wGksAPAQ9YXg+bUV7XxVDOkJQM2c3S3kvYQRcUT5YG2xlIFsVVnEheENAAix1G315DAADaXFPRD0KTyJ5HQESRHITbm4AUjhUXDBMBABSNGIlYGA0WCp9Tz9VQxVEDHUxDE48fDZgfERAR2JhIFARcEMaZTYBRzpgQGB0MgwbdHI0UjgLRxpiNXZHFGc2YW83EhpLWBhETUl0G045Dn05DRZtBA
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Amazon
Subject: nanrumandbac.com
Fingerprint: B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity: Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 37f74044be196b08afbd4c9863ea1314
b6151abd74c6663266c8772837027e075ab780d8
2e722be5796cd4cabdf0500f9ca71ddde35211b29b56878cd3ccc5ad86ef91eb
GET /ODd2NHBZVRVZT1kKFBIFSltLEUJ+EkRyFE0HBkEUCEQSWB1CUVhXHFdCElICV1kCGh5dQ1MGNnlVIFg8bnAjez5RYg9jGFNAOgYcW2ExAURhWw54PUJQQXcICVw5XBNxcQ52SXBeBmEgQAIYZQhTXToGHG5kDGEBd1A8ZRZBA0B2HHpYFGAlenNEZlUKcRVcNVx5H3YAflAFAzxSej5wGksAPAQ9YXg+bUV7XxVDOkJQM2c3S3kvYQRcUT5YG2xlIFsVVnEheENAAix1G315DAADaXFPRD0KTyJ5HQESRHITbm4AUjhUXDBMBABSNGIlYGA0WCp9Tz9VQxVEDHUxDE48fDZgfERAR2JhIFARcEMaZTYBRzpgQGB0MgwbdHI0UjgLRxpiNXZHFGc2YW83EhpLWBhETUl0G045Dn05DRZtBA HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1175
date: Wed, 20 Sep 2023 23:00:58 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 978313776816dba934d16309fa2c65c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: JXnD7YUxNMgrPNBBQxS2xxxGhZzQrPQRbqFTE3bPjv1Xd7zhD6StsQ==
X-Firefox-Spdy: h2
nanrumandbac.com/aDNqMnAJUQlfTwkOCBQFGl9XF0IuFlh0FB0DGkcUWEAOXh0SVURRHAdGDlQCB10eHB4NR08ANiNWLVlEJWYzUDIEaTJXIR9yMnMITQEsYyZcfitqRQ1yWkYVI3ICZyU+XC90NhgFMEUlJXo8ayglVCN8Mjl1DXQxAGQ8XAQNdyxoIw0DBmInPmYBYCZYVjhxFC5xLFY8JEs7dCc6YVpiHB9kK2U+I2Q4cDoMAwZ/M1t9AGEcBGY9cRcmdjgCNAxUKGA0BQYdZjUffwkAPiNkP0I4MQMZXTM5dU8ANj5fAWA2IGEjdhxZYCZgFCVwBFZAO3UNezEwVyNlMkUDLlYYXHI5XiEPdRJ3FClEKHgnKVgMVhxcUChjMU5ZGV0eGA4DWTIEAChkMxx7BA
65.9.55.88 200 OK 1.2 kB URL GET HTTP/2 nanrumandbac.com/aDNqMnAJUQlfTwkOCBQFGl9XF0IuFlh0FB0DGkcUWEAOXh0SVURRHAdGDlQCB10eHB4NR08ANiNWLVlEJWYzUDIEaTJXIR9yMnMITQEsYyZcfitqRQ1yWkYVI3ICZyU+XC90NhgFMEUlJXo8ayglVCN8Mjl1DXQxAGQ8XAQNdyxoIw0DBmInPmYBYCZYVjhxFC5xLFY8JEs7dCc6YVpiHB9kK2U+I2Q4cDoMAwZ/M1t9AGEcBGY9cRcmdjgCNAxUKGA0BQYdZjUffwkAPiNkP0I4MQMZXTM5dU8ANj5fAWA2IGEjdhxZYCZgFCVwBFZAO3UNezEwVyNlMkUDLlYYXHI5XiEPdRJ3FClEKHgnKVgMVhxcUChjMU5ZGV0eGA4DWTIEAChkMxx7BA
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Amazon
Subject: nanrumandbac.com
Fingerprint: B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity: Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2996), with no line terminators
Hash 7202d6c2412b5111e46d9da28c57f1f5
fcc08cd0a98d381e8f5a8a6f5693dcd7140e1017
3706be845074229bae04a149892b6fb4645ff1347947f1bcf875c0004e06e8bc
GET /aDNqMnAJUQlfTwkOCBQFGl9XF0IuFlh0FB0DGkcUWEAOXh0SVURRHAdGDlQCB10eHB4NR08ANiNWLVlEJWYzUDIEaTJXIR9yMnMITQEsYyZcfitqRQ1yWkYVI3ICZyU+XC90NhgFMEUlJXo8ayglVCN8Mjl1DXQxAGQ8XAQNdyxoIw0DBmInPmYBYCZYVjhxFC5xLFY8JEs7dCc6YVpiHB9kK2U+I2Q4cDoMAwZ/M1t9AGEcBGY9cRcmdjgCNAxUKGA0BQYdZjUffwkAPiNkP0I4MQMZXTM5dU8ANj5fAWA2IGEjdhxZYCZgFCVwBFZAO3UNezEwVyNlMkUDLlYYXHI5XiEPdRJ3FClEKHgnKVgMVhxcUChjMU5ZGV0eGA4DWTIEAChkMxx7BA HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1153
date: Wed, 20 Sep 2023 23:00:58 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 978313776816dba934d16309fa2c65c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: dSZQH3o-NoZh5nQgyNmBkherKoAFaJf5WOKqwbvc-Y1QaQwFaHKsDg==
X-Firefox-Spdy: h2
asrntiljustetyerec.info/S2JqWkFkXQkpfBo0ODIMJhpaOAcaITJpEyE1OxwnLw8gCAANFUwuKC9fU2N2f1NefDEiBldrZzgWCy40OF9bfCglBAVnZz1fW3Ryf0xZbm97RB9ncG0WGjsmdlNMKjU/Dldrd3JXWG9xc1dSaXhz
188.114.96.1 0 B URL asrntiljustetyerec.info/S2JqWkFkXQkpfBo0ODIMJhpaOAcaITJpEyE1OxwnLw8gCAANFUwuKC9fU2N2f1NefDEiBldrZzgWCy40OF9bfCglBAVnZz1fW3Ryf0xZbm97RB9ncG0WGjsmdlNMKjU/Dldrd3JXWG9xc1dSaXhz
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S2JqWkFkXQkpfBo0ODIMJhpaOAcaITJpEyE1OxwnLw8gCAANFUwuKC9fU2N2f1NefDEiBldrZzgWCy40OF9bfCglBAVnZz1fW3Ryf0xZbm97RB9ncG0WGjsmdlNMKjU/Dldrd3JXWG9xc1dSaXhz HTTP/1.1
Host: asrntiljustetyerec.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 20 Sep 2023 23:00:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fLVqot3n8VrKu8bdvPaPRxQBx921jQeJaPirf82x3uj4EsuVzwHel07korCLpBk8AuBa5%2FhCG8hemq%2FAkgmTL443qJO2uM93QhS%2BL9BnoLs1469I0bvyUiPqTf%2BRGkk3HaLicdgB%2FL6eTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809db007ecf4b521-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nanrumandbac.com/Z1Z6eUEGNBkUfgZrGF80FTpHXHMhc0g/JRJmCgwlVyUeFSwdMFQaLQgjHh8zCDgOVy8CIl9LBxE3SQkrPR4jMAc2ZjkqE18COEgtNwMRSBkxAzA3BCUXNj4DEx4zOwwoGUpNIywFGUwMDSVLLSYuZigrACoSSh0VNj4VMgcmBCAsAFMDOz8tLwIoCgklPQ4fGSU1Lz4QJR4/OAgyEhJJAyUuKxsCMgMoP3A+Dj47dQEUAiACNgMrDRVXZy8scAsdKQE5LwEWQBAtOjQjEgBuND4DUxUoFRsgE0ozFyhmOB8ZVhcXLHALHT8rCzMBPg0SMRNDPxIMewo7EyElHjsmBDI4P3g1HxErIzRnNCwTViI2Ky09ET4rDDUXKDgEJj0gLgwhJjYsKhcRLih4AgArXysUORQJfCQhAil1HxsrKwk/B0IQDw
65.9.55.88 200 OK 1.2 kB URL GET HTTP/2 nanrumandbac.com/Z1Z6eUEGNBkUfgZrGF80FTpHXHMhc0g/JRJmCgwlVyUeFSwdMFQaLQgjHh8zCDgOVy8CIl9LBxE3SQkrPR4jMAc2ZjkqE18COEgtNwMRSBkxAzA3BCUXNj4DEx4zOwwoGUpNIywFGUwMDSVLLSYuZigrACoSSh0VNj4VMgcmBCAsAFMDOz8tLwIoCgklPQ4fGSU1Lz4QJR4/OAgyEhJJAyUuKxsCMgMoP3A+Dj47dQEUAiACNgMrDRVXZy8scAsdKQE5LwEWQBAtOjQjEgBuND4DUxUoFRsgE0ozFyhmOB8ZVhcXLHALHT8rCzMBPg0SMRNDPxIMewo7EyElHjsmBDI4P3g1HxErIzRnNCwTViI2Ky09ET4rDDUXKDgEJj0gLgwhJjYsKhcRLih4AgArXysUORQJfCQhAil1HxsrKwk/B0IQDw
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Amazon
Subject: nanrumandbac.com
Fingerprint: B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity: Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Hash a45cbf1de8c98ca34d71b39f28cdf099
75f43e42941a5ca801e94abac2e433ca0e74fc32
b1afac2bdb3c2c49939406094d6bd9c46227e73d1541be27f1b36128fb54f6a9
GET /Z1Z6eUEGNBkUfgZrGF80FTpHXHMhc0g/JRJmCgwlVyUeFSwdMFQaLQgjHh8zCDgOVy8CIl9LBxE3SQkrPR4jMAc2ZjkqE18COEgtNwMRSBkxAzA3BCUXNj4DEx4zOwwoGUpNIywFGUwMDSVLLSYuZigrACoSSh0VNj4VMgcmBCAsAFMDOz8tLwIoCgklPQ4fGSU1Lz4QJR4/OAgyEhJJAyUuKxsCMgMoP3A+Dj47dQEUAiACNgMrDRVXZy8scAsdKQE5LwEWQBAtOjQjEgBuND4DUxUoFRsgE0ozFyhmOB8ZVhcXLHALHT8rCzMBPg0SMRNDPxIMewo7EyElHjsmBDI4P3g1HxErIzRnNCwTViI2Ky09ET4rDDUXKDgEJj0gLgwhJjYsKhcRLih4AgArXysUORQJfCQhAil1HxsrKwk/B0IQDw HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Wed, 20 Sep 2023 23:00:58 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 978313776816dba934d16309fa2c65c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: hQTRVnKOiT6N36QUwu-r0A1LYShxSkFNpHeWhbCWWh-_Gkh3pfaTqg==
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168 86 kB URL www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:0
Certificate Issuer: Google Trust Services LLC
Subject: *.google-analytics.com
Fingerprint: E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity: Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (3034)
Hash 9ab7f25533bb1d880431f3c91e81478c
35549cc5de5b2a3339277521403acc39144f37b7
3271e3b249e4979cf6c0755f494f28c2f20ccd088fcc2ddc9529894b1a184d2d
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 20 Sep 2023 23:00:58 GMT
expires: Wed, 20 Sep 2023 23:00:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 487f1d046e864ae0325b8961694955a4
5022a5b43b580729bc1fd4acc89af4e521926028
21d1f63f35fb16e01693d444e21456b1634e14443bf2300cf0fa35b479adbfdc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 23:00:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 487f1d046e864ae0325b8961694955a4
5022a5b43b580729bc1fd4acc89af4e521926028
21d1f63f35fb16e01693d444e21456b1634e14443bf2300cf0fa35b479adbfdc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 23:00:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 0 B URL accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:8aJDSceD_x_CPpSd3wMcFlLFSfof0w:cgoFXlzYMcNkZ6zb; Expires=Fri, 19-Sep-2025 23:00:58 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Sep 2023 23:00:58 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfBwFNUTCOMEkug1tfaD0LidOKBE3hbyJKViC95vPcz39UmgBjv_8wYvdBE7hcabQgjddf3IA
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-OB2hok6zasf2hEmffiS4iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 0 B URL accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:sThO9vDxAHtWNED2rL9EYU1sQR8JfQ:IoAsIz2oLIHTNTza; Expires=Fri, 19-Sep-2025 23:00:58 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Sep 2023 23:00:58 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfV9WOI-jfVTjILu65S4BXG2G1n_qw4ulnSjbG9DANaSNwuYIwgrEpQPQwRLRBn5wRSUwbVDQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-2DFjzRd9jSgXFkxWXHWdUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: DigiCert, Inc.
Subject: www.upload.ee
Fingerprint: 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity: Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Sep 2023 23:00:58 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Wed, 27 Sep 2023 23:00:58 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 5da314537eb4a5181bfb3d594de065ad
fda976c69522ba08bd38005d39f4c2f562b71f03
9a27d59a008ae4eb9062998c5472c59c2946b02f3adaf4cd2141a0153219809c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 23:00:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nanrumandbac.com/utx?cb=GJy8I9WmTAN3&top=www.upload.ee&tid=997369
65.9.55.88 204 No Content 0 B URL GET HTTP/2 nanrumandbac.com/utx?cb=GJy8I9WmTAN3&top=www.upload.ee&tid=997369
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Amazon
Subject: nanrumandbac.com
Fingerprint: B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity: Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=GJy8I9WmTAN3&top=www.upload.ee&tid=997369 HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 20 Sep 2023 23:00:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 20 Sep 2023 23:01:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 978313776816dba934d16309fa2c65c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: T9RSr3e2CDShTrbbC1yoGRw-POB4a3PXW5ik9PEEs86ePYIf6-X1Rw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/va3pjZHYIFQ0CSR8TB1lPUk1XVUJNEBALGBtHIBMOO04bKSc5Mjs1TgI0RRAMD0dTQhoKFARZUA4UAFlHTRsHBktfXBcUGQBHEAIUDh0BBxQbCUURF1YXDB4fBxYCQUQtT01UU1lKSxxHWl9QJlNZSg8NGB4CRlZGE0JVO0BfX1AmU1lKERJTWDtSVE9FSk-pBRFsdBgcdBF9RIkRbS1NUR1tLRlZGDRMRARAEAkZWMFpLUkpGTQ9eVQ
143.204.42.89 570 B URL du0pud0sdlmzf.cloudfront.net/va3pjZHYIFQ0CSR8TB1lPUk1XVUJNEBALGBtHIBMOO04bKSc5Mjs1TgI0RRAMD0dTQhoKFARZUA4UAFlHTRsHBktfXBcUGQBHEAIUDh0BBxQbCUURF1YXDB4fBxYCQUQtT01UU1lKSxxHWl9QJlNZSg8NGB4CRlZGE0JVO0BfX1AmU1lKERJTWDtSVE9FSk-pBRFsdBgcdBF9RIkRbS1NUR1tLRlZGDRMRARAEAkZWMFpLUkpGTQ9eVQ
IP 143.204.42.89:0
File type ASCII text, with very long lines (795), with no line terminators
Hash f58d59debd9d8379c02b3649d709d44e
e2f0bf17c3050067b89ad5b120023bd0fddbab2c
28dab244acb364b0b9f3a3951b12d9ed464a89974c280b577bdd536575ea4388
GET /va3pjZHYIFQ0CSR8TB1lPUk1XVUJNEBALGBtHIBMOO04bKSc5Mjs1TgI0RRAMD0dTQhoKFARZUA4UAFlHTRsHBktfXBcUGQBHEAIUDh0BBxQbCUURF1YXDB4fBxYCQUQtT01UU1lKSxxHWl9QJlNZSg8NGB4CRlZGE0JVO0BfX1AmU1lKERJTWDtSVE9FSk-pBRFsdBgcdBF9RIkRbS1NUR1tLRlZGDRMRARAEAkZWMFpLUkpGTQ9eVQ HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanrumandbac.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 570
date: Wed, 20 Sep 2023 23:00:58 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PaC93TrbhllcfmrZLGcj7H3ixqxNb6vXLn1IWGwQquXapBbAGauX6w==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/KeGk4MUYbBlZXeQwAXAx/QV4MAX5eA0teKAhUUVoEFFp6ZwUMIVYXMgINBQFgFAhWVnteDFZSe0lPWVUkRV0eRCdFBFdLLxQFWRR0PlwWAWNKWRBJd0lMC3NjSllUWCgNER0DdgBRDm5wTEwLc2NKWUpHY0soCQF/VlkRFHRIDl1SLRdMCnd0SFgIAXdIWB-0Ddh4ASlQgFxEdAwBJWAkfdl4cBQA
143.204.42.89 191 B URL du0pud0sdlmzf.cloudfront.net/KeGk4MUYbBlZXeQwAXAx/QV4MAX5eA0teKAhUUVoEFFp6ZwUMIVYXMgINBQFgFAhWVnteDFZSe0lPWVUkRV0eRCdFBFdLLxQFWRR0PlwWAWNKWRBJd0lMC3NjSllUWCgNER0DdgBRDm5wTEwLc2NKWUpHY0soCQF/VlkRFHRIDl1SLRdMCnd0SFgIAXdIWB-0Ddh4ASlQgFxEdAwBJWAkfdl4cBQA
IP 143.204.42.89:0
File type ASCII text, with no line terminators
Hash 2d87d9d5de2ce0fba6e26a66b93bf927
758c0042b52b9a13a27d29047ac6aa59a7c6c8ca
e27d6ab8fa8e0f16e37c328e236ca06c4f83c6cffdad5ed8f816e26c5d14e2f5
GET /KeGk4MUYbBlZXeQwAXAx/QV4MAX5eA0teKAhUUVoEFFp6ZwUMIVYXMgINBQFgFAhWVnteDFZSe0lPWVUkRV0eRCdFBFdLLxQFWRR0PlwWAWNKWRBJd0lMC3NjSllUWCgNER0DdgBRDm5wTEwLc2NKWUpHY0soCQF/VlkRFHRIDl1SLRdMCnd0SFgIAXdIWB-0Ddh4ASlQgFxEdAwBJWAkfdl4cBQA HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanrumandbac.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 191
date: Wed, 20 Sep 2023 23:00:58 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6hGIfw6v7ABsH36cq46BdsUM1e2JPChdku1sweniiCh8A0-QLMRmSg==
X-Firefox-Spdy: h2
nanrumandbac.com/utx?cb=NakNpyQg6cbw&top=www.upload.ee&tid=997414
65.9.55.88 0 B URL nanrumandbac.com/utx?cb=NakNpyQg6cbw&top=www.upload.ee&tid=997414
IP 65.9.55.88:0
Certificate Issuer: Amazon
Subject: nanrumandbac.com
Fingerprint: B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity: Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=NakNpyQg6cbw&top=www.upload.ee&tid=997414 HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 20 Sep 2023 23:00:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 20 Sep 2023 23:01:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 978313776816dba934d16309fa2c65c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 1UBbFCzQhJBGhUmJKLXLNsMSkIBezV-fWDMG-EtlHmqXMA3QZPo17w==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/AbVlLVGUONiUyWhkwL2lcVG54YlxLMzg7Cx1kOhcIFxB9HipUPx5nQxkjL2lVSzUqOgJQfy46BlBobTUBD2R/chEdNiBpFgs7LjMHDjs7J0MYOHY5ChcwJzgESGsNYUtdfHlkTRVoenFWL3x5ZAkENz4sQF9pM2xTMm9/cVYvfHlkFxt8eBVUXWBlZExIa3-szAA4yJHFXK2t7ZVVdaHtlQF9pLT0XCD8kLEBfH3plVENpbSFYXA
143.204.42.89 600 B URL du0pud0sdlmzf.cloudfront.net/AbVlLVGUONiUyWhkwL2lcVG54YlxLMzg7Cx1kOhcIFxB9HipUPx5nQxkjL2lVSzUqOgJQfy46BlBobTUBD2R/chEdNiBpFgs7LjMHDjs7J0MYOHY5ChcwJzgESGsNYUtdfHlkTRVoenFWL3x5ZAkENz4sQF9pM2xTMm9/cVYvfHlkFxt8eBVUXWBlZExIa3-szAA4yJHFXK2t7ZVVdaHtlQF9pLT0XCD8kLEBfH3plVENpbSFYXA
IP 143.204.42.89:0
File type ASCII text, with very long lines (860), with no line terminators
Hash 29e5327ddbdf1a342a58f30ed084cfa5
8cf198a6f669497d8230bdec08c492e40014acc5
a1906729e72c260cf7fbdfa7ed4f6edda34b49e848fe38be213c551557a7e47f
GET /AbVlLVGUONiUyWhkwL2lcVG54YlxLMzg7Cx1kOhcIFxB9HipUPx5nQxkjL2lVSzUqOgJQfy46BlBobTUBD2R/chEdNiBpFgs7LjMHDjs7J0MYOHY5ChcwJzgESGsNYUtdfHlkTRVoenFWL3x5ZAkENz4sQF9pM2xTMm9/cVYvfHlkFxt8eBVUXWBlZExIa3-szAA4yJHFXK2t7ZVVdaHtlQF9pLT0XCD8kLEBfH3plVENpbSFYXA HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanrumandbac.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 600
date: Wed, 20 Sep 2023 23:00:58 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: M_g2LgmIXvkKvDcBnFqYKpCrO2RhSffUnAcxa4L8Ou4UxRrzzEx3QA==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfBwFNUTCOMEkug1tfaD0LidOKBE3hbyJKViC95vPcz39UmgBjv_8wYvdBE7hcabQgjddf3IA
142.250.74.109 302 Found 398 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfBwFNUTCOMEkug1tfaD0LidOKBE3hbyJKViC95vPcz39UmgBjv_8wYvdBE7hcabQgjddf3IA
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity: Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (394)
Hash dfdec2c220998546ffcea7f525f4b2cf
71e620238db59cb327884242d3b4b8aaba0827ab
759cfed95e27e27c11a290bbaea91b43458b529868a4e9c378bf6b04d99e55a5
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfBwFNUTCOMEkug1tfaD0LidOKBE3hbyJKViC95vPcz39UmgBjv_8wYvdBE7hcabQgjddf3IA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:aQrQR5VE9TsuYOCiVC-6CJ8DdCqvpA:rH89Yw0oGRApjcNb;Path=/;Expires=Fri, 19-Sep-2025 23:00:59 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Sep 2023 23:00:59 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfBOumSEpHlAbgZ6Zfyfk6OwlK1jjC-1dvW8w9-prlFzGER6veWqh9ItV5YnRE_CYI5Ki0o&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096456054%3A1695250859055212&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-tsJdwMofHzFSkg3FnweH-g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfV9WOI-jfVTjILu65S4BXG2G1n_qw4ulnSjbG9DANaSNwuYIwgrEpQPQwRLRBn5wRSUwbVDQ
142.250.74.109 407 B URL accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfV9WOI-jfVTjILu65S4BXG2G1n_qw4ulnSjbG9DANaSNwuYIwgrEpQPQwRLRBn5wRSUwbVDQ
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (398)
Hash 8b35b4ce69514b73bf8bcdc6f5defa23
09211d68d9b263adaf3648767292007f04ee207d
36ffb148fc21d4e25770d8943b6e7bbc9b3d0fdf6a754604b0294b55669350d9
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfV9WOI-jfVTjILu65S4BXG2G1n_qw4ulnSjbG9DANaSNwuYIwgrEpQPQwRLRBn5wRSUwbVDQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Eh_An3MrOBd2uorIjccJxea2agP_Uw:ezDaiKMV8PvoiNSP;Path=/;Expires=Fri, 19-Sep-2025 23:00:59 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Sep 2023 23:00:59 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfl4f2UaShSzFE6Jn6bMM-oYOhCP87YM4SZH3hNt55xjqgSnHVF4lQCDB5ViQ5p4yJlpwty&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2130640562%3A1695250859087843&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Cej9pBu53wcBEd9SUFPfMQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 407
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfl4f2UaShSzFE6Jn6bMM-oYOhCP87YM4SZH3hNt55xjqgSnHVF4lQCDB5ViQ5p4yJlpwty&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2130640562%3A1695250859087843&theme=glif
142.250.74.109 808 B URL accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfl4f2UaShSzFE6Jn6bMM-oYOhCP87YM4SZH3hNt55xjqgSnHVF4lQCDB5ViQ5p4yJlpwty&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2130640562%3A1695250859087843&theme=glif
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash e0fe9bc73931607727692fc5727bfea9
4765deca38a1286b0c8bfca2c4b6bd48e3926c26
69bbc3bca195975e74632734ecb60c2020a8d684a9d921c86457b824743c5866
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfl4f2UaShSzFE6Jn6bMM-oYOhCP87YM4SZH3hNt55xjqgSnHVF4lQCDB5ViQ5p4yJlpwty&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2130640562%3A1695250859087843&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Sep 2023 23:00:59 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-j7Mw1KFJOOxOKNhMf2GEwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=9998400&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15555804%2F9371d52e39701d75b645%2Fgrowroulette_v3.15.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15555804%2FGrowRoulette_v3.15.exe.html&rnd=1695250858244
212.47.222.21 1.3 kB URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=9998400&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15555804%2F9371d52e39701d75b645%2Fgrowroulette_v3.15.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15555804%2FGrowRoulette_v3.15.exe.html&rnd=1695250858244
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Let's Encrypt
Subject: static.bepolite.eu
Fingerprint: B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity: Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (394)
Hash ade04328d28e19cd64fc23bd7eaeb124
b2c939e049a4b2ff4633e0f6068c6abc842cda4e
cd3f04cd7c0ad1835e66ed0246fed5fdf681f8ad3a9ebc00660967075b4edf19
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=9998400&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15555804%2F9371d52e39701d75b645%2Fgrowroulette_v3.15.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15555804%2FGrowRoulette_v3.15.exe.html&rnd=1695250858244 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Wed, 20 Sep 2023 22:53:04 GMT
set-cookie: bepolite_id=66d8f7ee697a934fb01f7e8dcf41595d; Max-Age=7776000; Expires=Tue, 19-Dec-2023 22:53:04 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 449896497
age: 0
accept-ranges: bytes
content-length: 1258
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.21 177 kB URL static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176967 bytes)
Hash 636b4ad7f97aa55c2242b396fe3e9f44
b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba
54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "2348240467"
last-modified: Sun, 17 Sep 2023 21:45:34 GMT
content-length: 176967
date: Wed, 20 Sep 2023 23:00:49 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 461675148
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/593acd67-0e3b-411a-b870-efaf970de189/TM_TMKERyobi160x600px.jpg
212.47.222.21 200 OK 108 kB URL GET HTTP/2 static.bepolite.eu/banners/593acd67-0e3b-411a-b870-efaf970de189/TM_TMKERyobi160x600px.jpg
IP 212.47.222.21:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer: Let's Encrypt
Subject: static.bepolite.eu
Fingerprint: B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity: Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Size 108 kB (108287 bytes)
Hash 6e351fe64d5131eda577ebd3f485aff4
5d6ae48d7c6f838b16b93e6e4409e56c335a8b02
4b3bb7f45fc3328871891374cba38638f4f34104b884cb22dd4dd01aa40b3f66
GET /banners/593acd67-0e3b-411a-b870-efaf970de189/TM_TMKERyobi160x600px.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "3970347175"
last-modified: Fri, 01 Sep 2023 10:32:10 GMT
content-length: 108287
date: Wed, 20 Sep 2023 23:00:49 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 462852468
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.21 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.21:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "1971769258"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Wed, 20 Sep 2023 23:00:49 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 449896503
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF1hae_ea4vdSBzrSaJTzWjQc3CfdkLghllBjpU8YLW7Nyi1BzH-rGICrLZe-UGK6O3of0MW8JGY3InB_-qT1MTetzeQE_1CPRRUcw4YLhwXF6gTkfpEeF93qZuDGUTLHq83vZphtiTySKozGjkHLzEPzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3D22C9n62hXmnzyZQA8L6gBhYenGdew-JFZhdg0lw6vhUOnqstHGoyP23a1xw_tMja5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21 0 B URL serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF1hae_ea4vdSBzrSaJTzWjQc3CfdkLghllBjpU8YLW7Nyi1BzH-rGICrLZe-UGK6O3of0MW8JGY3InB_-qT1MTetzeQE_1CPRRUcw4YLhwXF6gTkfpEeF93qZuDGUTLHq83vZphtiTySKozGjkHLzEPzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3D22C9n62hXmnzyZQA8L6gBhYenGdew-JFZhdg0lw6vhUOnqstHGoyP23a1xw_tMja5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF1hae_ea4vdSBzrSaJTzWjQc3CfdkLghllBjpU8YLW7Nyi1BzH-rGICrLZe-UGK6O3of0MW8JGY3InB_-qT1MTetzeQE_1CPRRUcw4YLhwXF6gTkfpEeF93qZuDGUTLHq83vZphtiTySKozGjkHLzEPzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3D22C9n62hXmnzyZQA8L6gBhYenGdew-JFZhdg0lw6vhUOnqstHGoyP23a1xw_tMja5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=66d8f7ee697a934fb01f7e8dcf41595d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 20 Sep 2023 23:00:49 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 462526111
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
oldpiecesontheth.com/MHB0NlgfTxdFZX1BPgAWAxMzVzMIOCZ3AlwhE2QdcjcmfRplE1JCMVRNTQ9vBEFAEChZFEkHfkMEFUItQ01HBmgBVh1YPl9NRAZoAVYCC2keQ0AYawReRBAtDUFADmwCRUABbAdGRAVsCEBSQihRF0kHfkAEAFplAUZNA2oFQEwDYQhGQQ
172.67.165.174 204 No Content 0 B URL POST HTTP/2 oldpiecesontheth.com/MHB0NlgfTxdFZX1BPgAWAxMzVzMIOCZ3AlwhE2QdcjcmfRplE1JCMVRNTQ9vBEFAEChZFEkHfkMEFUItQ01HBmgBVh1YPl9NRAZoAVYCC2keQ0AYawReRBAtDUFADmwCRUABbAdGRAVsCEBSQihRF0kHfkAEAFplAUZNA2oFQEwDYQhGQQ
IP 172.67.165.174:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer Google Trust Services LLC
Subject oldpiecesontheth.com
Fingerprint 4F:41:E6:37:24:5A:21:1C:F2:BC:AA:9E:1C:59:ED:CF:BD:CC:29:68
Validity Wed, 13 Sep 2023 06:26:19 GMT - Tue, 12 Dec 2023 06:26:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /MHB0NlgfTxdFZX1BPgAWAxMzVzMIOCZ3AlwhE2QdcjcmfRplE1JCMVRNTQ9vBEFAEChZFEkHfkMEFUItQ01HBmgBVh1YPl9NRAZoAVYCC2keQ0AYawReRBAtDUFADmwCRUABbAdGRAVsCEBSQihRF0kHfkAEAFplAUZNA2oFQEwDYQhGQQ HTTP/1.1
Host: oldpiecesontheth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
date: Wed, 20 Sep 2023 23:00:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGiRMBwBgqCP2Vcf9uJCVvtcSh8znEs9ILQkK3iRYUOYbp%2FmzFnbMUjuy9n542I92Y26dq2iZ%2BTY7VgOeKCcfN3M%2B8Xu2bkfqUS6COwnpXN0Fi%2F7QkTJxV9ZmlasBDS7lGAIJgjIhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809db0112bfc5696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.28 200 OK 102 kB IP 172.64.133.28:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 20 Sep 2023 23:00:58 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7097
last-modified: Wed, 20 Sep 2023 21:02:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lYxlYSpyb%2B7dNdhjhSPxhHaJx76VpyafccWo%2FO1KjZcSXhIoXUD048uzVre2kBcHKf9evbDVUu5GTT9jmybP4YB4ajkMCbeEz1rGI5n0ogudF0q6jETs4f2S%2BNW3Ncm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 809db00c7a7e48c8-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.28 200 OK 27 B IP 172.64.133.28:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash f17f7572e05b70b7e5cef0c5070ee725
8a3d302c911a8a3ddbf07f401019d1d7714a0405
5aa53ad5452726bf1d5572ec257accc8ec4d00dd23ca0f6197c59e8a9cc3d541
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 20 Sep 2023 23:00:59 GMT
content-type: text/plain
set-cookie: csu=1484254747603480@1@1695250858; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZimhN%2F3adfDEpCw20wrgRaHNWqJ0fXRl52OUvwxOvf5xxmfRWGDhARGY9MNqDWrIugiHJTVMb5M6tz2V8eVJVfdt8aY%2BvUSjygGdA70FV3%2FJB7f2m0bU7R9k5TN6kdq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809db00c6a6448c8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.28 200 OK 102 kB IP 172.64.133.28:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 20 Sep 2023 23:00:58 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 7097
last-modified: Wed, 20 Sep 2023 21:02:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D8VHn%2FHosCocnxoPgHRHjheSDbB2J7ipecHEkMARlVo8EOi786fR7Hv1LfsnUBilPxHvpx2ye7oRVwcfmx8GKGVWaK0YYsvDEbXqih9FGfsL2TD1IT93rPn29bqA9cVY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 809db00c7a8248c8-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfBOumSEpHlAbgZ6Zfyfk6OwlK1jjC-1dvW8w9-prlFzGER6veWqh9ItV5YnRE_CYI5Ki0o&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096456054%3A1695250859055212&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfBOumSEpHlAbgZ6Zfyfk6OwlK1jjC-1dvW8w9-prlFzGER6veWqh9ItV5YnRE_CYI5Ki0o&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096456054%3A1695250859055212&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15555804/GrowRoulette_v3.15.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfBOumSEpHlAbgZ6Zfyfk6OwlK1jjC-1dvW8w9-prlFzGER6veWqh9ItV5YnRE_CYI5Ki0o&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2096456054%3A1695250859055212&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 20 Sep 2023 23:00:59 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-jNvCKPPBdkmldrisKW7j_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000